CVE-2024-35434 Affecting sngrep package, versions *

Q: How to fix?

There is no fixed version for Debian:unstable sngrep .

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-DEBIANUNSTABLE-SNGREP-7172107
published31 May 2024
disclosed29 May 2024

Report a new vulnerability Found a mistake?

Introduced: 29 May 2024

CVE-2024-35434 (opens in a new tab)

How to fix?

There is no fixed version for Debian:unstable sngrep.

NVD Description

Note: Versions mentioned in the description apply only to the upstream sngrep package and not the sngrep package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow via the function rtp_check_packet at /sngrep/src/rtp.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SIP packet.

References

https://security-tracker.debian.org/tracker/CVE-2024-35434
https://github.com/inputzero/Security-Advisories/blob/main/CVE-XXXX-XXXX.md